Fix and validate public key derivation

Author: Mrtenz

src/derivers/bip32.test.ts

@@ -51,11 +51,11 @@ describe('deriveChildKey', () => {
       `);
     });
 
-    it.each(fixtures.bip32InvalidPrivateKeys.keys)(
+    it.each(fixtures.errorHandling.bip32.keys)(
       'handles invalid keys using BIP-32 (test vectors)',
       async ({ path, privateKey, chainCode, index, depth }) => {
         const node = await createBip39KeyFromSeed(
-          hexToBytes(fixtures.bip32InvalidPrivateKeys.hexSeed),
+          hexToBytes(fixtures.errorHandling.bip32.hexSeed),
           secp256k1,
         );
 
@@ -103,11 +103,11 @@ describe('deriveChildKey', () => {
       `);
     });
 
-    it.each(fixtures.slip10InvalidPrivateKeys.keys)(
+    it.each(fixtures.errorHandling.slip10.keys)(
       'handles invalid keys using SLIP-10 (test vectors)',
       async ({ path, privateKey, chainCode }) => {
         const node = await createBip39KeyFromSeed(
-          hexToBytes(fixtures.slip10InvalidPrivateKeys.hexSeed),
+          hexToBytes(fixtures.errorHandling.slip10.hexSeed),
           secp256k1,
           'slip10',
         );
@@ -145,8 +145,6 @@ describe('deriveChildKey', () => {
 
   describe('public key derivation', () => {
     it('handles invalid keys using BIP-32', async () => {
-      // TODO: Compare these results to reference implementations.
-
       const node = await SLIP10Node.fromDerivationPath({
         derivationPath: [bip39MnemonicToMultipath(fixtures.local.mnemonic)],
         curve: 'secp256k1',
@@ -168,22 +166,20 @@ describe('deriveChildKey', () => {
       expect(childNode.index).toBe(1);
       expect(childNode).toMatchInlineSnapshot(`
         Object {
-          "chainCode": "0x145e1cca88eec3c355707226a1fb87a91e27e18720d9d91c6555cfa307207dbe",
+          "chainCode": "0x4304d9e48a694baabefba498c2ef85f9e88307f4f621f79f19cbf5f704483130",
           "curve": "secp256k1",
           "depth": 1,
           "index": 1,
           "masterFingerprint": 3293725253,
           "parentFingerprint": 3293725253,
           "privateKey": undefined,
-          "publicKey": "0x047e2329db2561e463f4acaefec0d1c89452592ab393552aaa2f3d1afcc93e03ba51fe19e3d994c4c00cc438fa33af2ba5dc41a7d969c6dcab0724411f52a6ade8",
+          "publicKey": "0x048aa5d3fe38c7e81685f9efa72d8b4e9f2cb61647c954e9cdf324a6eefe8a4a00c2b7fa2b2d3e598c87d244fb4eb8708e402aa5ccd945533f4a6ddbc026f77c7b",
           "specification": "bip32",
         }
       `);
     });
 
     it('handles invalid keys using SLIP-10', async () => {
-      // TODO: Compare these results to reference implementations.
-
       const node = await SLIP10Node.fromDerivationPath({
         derivationPath: [bip39MnemonicToMultipath(fixtures.local.mnemonic)],
         curve: 'secp256k1',

src/derivers/bip32.ts

@@ -376,10 +376,20 @@ async function derivePublicChildKey({
       case 'bip32': {
         validateBIP32Index(childIndex + 1);
 
+        const publicExtension = derivePublicExtension({
+          parentPublicKey: publicKey,
+          childIndex: childIndex + 1,
+        });
+
+        const newEntropy = generateEntropy({
+          chainCode,
+          extension: publicExtension,
+        });
+
         // As per BIP-32, if the resulting key is invalid, the key is generated
         // from the next child index instead.
         return await derivePublicChildKey({
-          entropy,
+          entropy: newEntropy,
           publicKey,
           chainCode,
           depth,

test/fixtures.ts

@@ -777,134 +777,132 @@ export default {
   // these values are generated using mock return values: The first call to
   // `isValidPrivateKey` returns `false`, and any subsequent calls return
   // `true`.
-  bip32InvalidPrivateKeys: {
-    hexSeed:
-      '0x747f302d9c916698912d5f70be53a6cf53bc495803a5523d3a7c3afa2afba94ec3803f838b3e1929ab5481f9da35441372283690fdcf27372c38f40ba134fe03',
-    keys: [
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:3`],
-            string: `bip32:3`,
+  errorHandling: {
+    bip32: {
+      hexSeed:
+        '0x747f302d9c916698912d5f70be53a6cf53bc495803a5523d3a7c3afa2afba94ec3803f838b3e1929ab5481f9da35441372283690fdcf27372c38f40ba134fe03',
+      keys: [
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:3`],
+              string: `bip32:3`,
+            },
+            theirs: `m/3`,
           },
-          theirs: `m/3`,
+          privateKey:
+            '0x4f1502ee43a67a8eae936df0eb9fd7c4cc11c4c4d76cdeb4efb2711319636500',
+          chainCode:
+            '0x576063b42e8e274ceb0a4d5aa2d6eac96334c526634daa7aaf0b44775a08e54e',
+          depth: 1,
+          index: 4,
         },
-        privateKey:
-          '0x4f1502ee43a67a8eae936df0eb9fd7c4cc11c4c4d76cdeb4efb2711319636500',
-        chainCode:
-          '0x576063b42e8e274ceb0a4d5aa2d6eac96334c526634daa7aaf0b44775a08e54e',
-        depth: 1,
-        index: 4,
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:3`, `bip32:0`],
-            string: `bip32:3/bip32:0`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:3`, `bip32:0`],
+              string: `bip32:3/bip32:0`,
+            },
+            theirs: `m/3/0`,
           },
-          theirs: `m/3/0`,
+          privateKey:
+            '0xc54cdf5ee9a8504000b09334c5085513a380f6b30bb5ea5a944bc44e8a720890',
+          chainCode:
+            '0x9018faed4ffcfd70528920a78aef034c76a5c65d9fee0b85ab9d93af2f650b8f',
+          depth: 2,
+          index: 0,
         },
-        privateKey:
-          '0xc54cdf5ee9a8504000b09334c5085513a380f6b30bb5ea5a944bc44e8a720890',
-        chainCode:
-          '0x9018faed4ffcfd70528920a78aef034c76a5c65d9fee0b85ab9d93af2f650b8f',
-        depth: 2,
-        index: 0,
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:123'`],
-            string: `bip32:123'`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:123'`],
+              string: `bip32:123'`,
+            },
+            theirs: `m/123'`,
           },
-          theirs: `m/123'`,
+          privateKey:
+            '0x0b2cb2b767417eb0c62c1d9de3d3d0e45c4136747cf18d70c29adefcc0556a6d',
+          chainCode:
+            '0xb036a60d0615c1f693c0fe1a6fc62ba2b089c964a809a10aa2c4c08d59bb06a2',
+          depth: 1,
+          index: 0x80000000 + 124,
         },
-        privateKey:
-          '0x0b2cb2b767417eb0c62c1d9de3d3d0e45c4136747cf18d70c29adefcc0556a6d',
-        chainCode:
-          '0xb036a60d0615c1f693c0fe1a6fc62ba2b089c964a809a10aa2c4c08d59bb06a2',
-        depth: 1,
-        index: 0x80000000 + 124,
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:123'`, `bip32:456'`],
-            string: `bip32:123'/bip32:456'`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:123'`, `bip32:456'`],
+              string: `bip32:123'/bip32:456'`,
+            },
+            theirs: `m/123'/456'`,
           },
-          theirs: `m/123'/456'`,
+          privateKey:
+            '0x2915b5e7d9eecf028c96400e0490e4ae5e12b16426304810d69d8cccee529c89',
+          chainCode:
+            '0x0a1db8b483d43605120241c81259ea1f64b75c59a3fe5427186ac221cbe3f4d8',
+          depth: 2,
+          index: 0x80000000 + 456,
         },
-        privateKey:
-          '0x2915b5e7d9eecf028c96400e0490e4ae5e12b16426304810d69d8cccee529c89',
-        chainCode:
-          '0x0a1db8b483d43605120241c81259ea1f64b75c59a3fe5427186ac221cbe3f4d8',
-        depth: 2,
-        index: 0x80000000 + 456,
-      },
-    ],
-  },
+      ],
+    },
 
-  // These vectors test the error handling behaviour, when an invalid private
-  // key is derived. The actual chance of this happening is extremely low, so
-  // these values are generated using mock return values: The first call to
-  // `isValidPrivateKey` returns `false`, and any subsequent calls return
-  // `true`.
-  slip10InvalidPrivateKeys: {
-    hexSeed:
-      '0x747f302d9c916698912d5f70be53a6cf53bc495803a5523d3a7c3afa2afba94ec3803f838b3e1929ab5481f9da35441372283690fdcf27372c38f40ba134fe03',
-    keys: [
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:3`],
-            string: `bip32:3`,
+    // Note that this uses the `secp256k1` curve.
+    slip10: {
+      hexSeed:
+        '0x747f302d9c916698912d5f70be53a6cf53bc495803a5523d3a7c3afa2afba94ec3803f838b3e1929ab5481f9da35441372283690fdcf27372c38f40ba134fe03',
+      keys: [
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:3`],
+              string: `bip32:3`,
+            },
+            theirs: `m/3`,
           },
-          theirs: `m/3`,
+          privateKey:
+            '0x7f861ec23cea91757c58ecd4a17dcb9396b3adfdf6a7a97395746fdb5c56854f',
+          chainCode:
+            '0xa801ebec457c8ea6c50dc55bea849384a40c92159ad1972f1a35cc92e145c827',
         },
-        privateKey:
-          '0x7f861ec23cea91757c58ecd4a17dcb9396b3adfdf6a7a97395746fdb5c56854f',
-        chainCode:
-          '0xa801ebec457c8ea6c50dc55bea849384a40c92159ad1972f1a35cc92e145c827',
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:3`, `bip32:0`],
-            string: `bip32:3/bip32:0`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:3`, `bip32:0`],
+              string: `bip32:3/bip32:0`,
+            },
+            theirs: `m/3/0`,
           },
-          theirs: `m/3/0`,
+          privateKey:
+            '0x1657de87ad376e58538e72fe30a7567ddc0a7eef08ee93a6cdcf7c83f4a62786',
+          chainCode:
+            '0x8235d18356fe4ad0f5bd99ef69c57613e871a66aeb3a9abfdd986188858f41f6',
         },
-        privateKey:
-          '0x1657de87ad376e58538e72fe30a7567ddc0a7eef08ee93a6cdcf7c83f4a62786',
-        chainCode:
-          '0x8235d18356fe4ad0f5bd99ef69c57613e871a66aeb3a9abfdd986188858f41f6',
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:123'`],
-            string: `bip32:123'`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:123'`],
+              string: `bip32:123'`,
+            },
+            theirs: `m/123'`,
           },
-          theirs: `m/123'`,
+          privateKey:
+            '0x3967b87fd18ac7cbba8f587ad558070d30b60ba0371e69deb779115001614717',
+          chainCode:
+            '0x7ea274d541b03eef655ba0dce49f80d3618c1206cdc99da662f32b1193225829',
         },
-        privateKey:
-          '0x3967b87fd18ac7cbba8f587ad558070d30b60ba0371e69deb779115001614717',
-        chainCode:
-          '0x7ea274d541b03eef655ba0dce49f80d3618c1206cdc99da662f32b1193225829',
-      },
-      {
-        path: {
-          ours: {
-            tuple: [`bip32:123'`, `bip32:456'`],
-            string: `bip32:123'/bip32:456'`,
+        {
+          path: {
+            ours: {
+              tuple: [`bip32:123'`, `bip32:456'`],
+              string: `bip32:123'/bip32:456'`,
+            },
+            theirs: `m/123'/456'`,
           },
-          theirs: `m/123'/456'`,
+          privateKey:
+            '0xe533b68958c076ce6d42420d61695d83a0a1af24a9ae5564b7679f52d6dd6f5e',
+          chainCode:
+            '0xfbd82ae4ac9f4e8176034b54a7ed5a2b836879bb1f94b136890fc86fcf4cd4c5',
         },
-        privateKey:
-          '0xe533b68958c076ce6d42420d61695d83a0a1af24a9ae5564b7679f52d6dd6f5e',
-        chainCode:
-          '0xfbd82ae4ac9f4e8176034b54a7ed5a2b836879bb1f94b136890fc86fcf4cd4c5',
-      },
-    ],
+      ],
+    },
   },
 } as const;